Does Captive Portal block only HTTP packets from LAN to WAN?



  • Hi everybody
    Does Captive Portal block only packets going from LAN to WAN on port 80, or
    block any packets going from LAN to WAN on any ports?

    Captive Portal will be enabled on LAN interface of pfSense,and VOIP packets exist behind LAN interface of pfSense..
    Does Captive Portal block VOIP packets from LAN to WAN?



  • It blocks everything for an IP/MAC combination which is not authenticated.
    If it is authenticated then it depends on your firewall rules.



  • As far as i know, captive portal works based on ipfw rdr rules.
    if ip/mac combination of the client doesn't exist in table 1, it redirects the client packet to port 8000.
    if the client authenticates, then Floating Rules will begin to work for that client's traffic..

    should I define all voip ip addresses in the Captve Portal's Allowed IP Addresses? if I do this, does Captive Portal allow packets
    coming from the clients (defined in Allowed IP Addresses) to everywhere.

    NOTE : In my Floating Rules, voip ip addresses are allowed to any on any ports.

    @Nachtfalke:

    It blocks everything for an IP/MAC combination which is not authenticated.
    If it is authenticated then it depends on your firewall rules.



  • If you add the hosts to "Allowed IP addresses" or "MAC bypass" then this host will bypass CP and does not need  to authenticate. The rest depends again on your firewall rules.

    "Allowed IP addresses" can be defines in source or destination.



  • thanks a lot.. it will force me to define 60-70 ip addresses (voip, card reading terminals, ip telephones, ip fax devices) in Allowed IP addresses…

    Thank you again for your help..
    @Nachtfalke:

    If you add the hosts to "Allowed IP addresses" or "MAC bypass" then this host will bypass CP and does not need  to authenticate. The rest depends again on your firewall rules.

    "Allowed IP addresses" can be defines in source or destination.


Log in to reply